Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

CA Technologies’ announced acquisition of application-security vendor Veracode will help beef up the company’s DevOps security portfolio, but will also require it to support some product integration with competitors

CA Technologies announced its intention March 7 to buy application-security firm Veracode in a $614 million deal—a move that has all the hallmarks of continuing the industry’s consolidation but more strongly shows the company’s commitment to expanding its DevOps software portfolio, a Forrester analyst argued in a research note published this week.

The acquisition, which will likely close in the first quarter of fiscal 2018 that starts April 1 for CA, expands the company’s DevOps technology offerings with Veracode's dynamic and static application testing as well as the firm’s software-as-a-service application-security testing software. Veracode counts more than 1,400 companies of all sizes as customers.

“They are trying to fill in a missing piece in their DevOps puzzle,” she said. “Over the past few years, they have really promoted the app economy, and now they are saying that security is a major piece of it.”

Further reading

The move appears to be a reaction to the purchase of Cigital by Synopsys, a company focused on the technologies needed to create embedded applications and the Internet of Things. While the closeness of the pair of purchases—Cigital in November and Veracode this month—could signal a new round of consolidation in the DevOps sector, DeMartine argued that the companies are pursuing separate paths.

In its press release, CA Technologies cited Gartner research that estimated that more than half of all enterprise DevOps initiatives will automate the testing of application security by 2019, while less than 10 percent did so last year.

Yet, the move also brings complications. Veracode integrates with other DevOps products that compete with CA Technologies’ own software-development portfolio. While CA could stop supporting those products, it would likely hurt their bottom line, DeMartine said. With 43 percent of developers preferring to use best-of-breed products according to a previous Forrester study, it's unlikely those customers will change their tools any time soon, she said.

“People like their own tools, so if CA wants to sell and be successful, the Veracode tools will have to remain agnostic,” she said.

Whether CA’s strategy will work is unclear, and the company has stressed that benefits will not be seen for a few years.

In addition, because Veracode is a private company, no one will know if the price is right. Yet, at its face, the deal seems extremely good for the firm, DeMartine said.

“They are getting a portfolio of products,” she said. “I was intrigued, but I also thought they got Veracode for cheap.”